P2015-ND-47

Employees of the Organization are required to submit information and provide supporting documentation to request reimbursement of employment-related expenses by way of wire transfer to an overseas bank account. Employees scan the information into the Organization?s SAP system as confidential, which restricts access to a limited number of employees with designated access. In July 2013, the Organization?s Privacy Coordinator was notified that the information at issue was scanned into the system without required access controls. The Organization conducted an audit and investigation and found that, between January 2012 and July 2013, information for 26 individuals had been uploaded without the proper access controls. The information at issue may have been accessible to 1,100 of the Organization?s employees. The Organization does not have the ability to audit if any of its employees accessed the personal information.

File Type: pdf
File Size: 180 KB
Categories: 2015